Securing access to information and resources is an important function of business software. Business software stores sensitive information, including financial records, credit card numbers, customer lists and client records. The effects of unauthorized access to this sensitive information can be costly and dangerous.
For example, medical records software in a hospital should allow only those with a legitimate need, such as a doctor or nurse, to access patient records. Unauthorized access to patient records unnecessarily compromises patient privacy. Business software should secure sensitive information, such as patient records, by preventing unauthorized access to sensitive information.
One manner of providing software security is to use role-based declarative security. In role-based declarative security, an administrator or deployer assigns each user of a software application an appropriate role. The administrator also allocates each resource, such as a database, an object, a data structure, a printer, a network, an application, and the like, a permission assignment comprising a list of roles that may legitimately access the resource.
Typically, the software application executes within an application server. Each time a user requests access to a resource, the application server compares the role assigned to the user with the permission assignment for the resource to determine whether access is permissible. If the user's role is on the permission assignment list, the application server allows the user to access the resource. If the role is not on the permission assignment list, the application server denies access to the resource.
For example, each user of medical records software may be assigned a role such as “patient,” “doctor,” “nurse,” “administrator,” “nutritionist,” or “orderly.” The application administrator assigns each resource, such as a patient record, a printer, or a telephone directory, a permission assignment containing a list of the roles that may legitimately access the resource. A patient record may have a permission assignment including the roles “doctor” and “nurse.”
The application server underlying the software would allow a user assigned the role “doctor” to access the patient record since “doctor” is one of the roles included in the patient record's permission assignment. However, a user assigned the role “orderly” would not be allowed access to the patient record since “orderly” is not one of the roles included in the patient record's permission assignment.
In role-based declarative security, users are assigned a role based on their designations. For example, all doctors receive the “doctor” role and all nurses receive the “nurse” role. This conventional approach results in limited granularity of roles. For example, all users assigned the role “doctor” in a role-based access scheme may be permitted to access patient records.
In the example described above, role-based declarative security allows a doctor to access a patient record for someone who is not that doctor's patient but another doctor's patient. Such access may compromise patient privacy. This problem may be overcome by creating a unique role for each doctor and adding that role to the permission assignment of each of the doctor's patients.
Furthermore, a programmer may have to modify and re-release the software to create new role types each time new access conditions arise. For example, a new role type defined as “Primary Care Physician” may provide access to only those patient records that list a particular doctor as an authorized participant of the general “doctor” role. To account for this situation, a programmer would have to re-release the software to take the new role type into account for the general role. This approach is impractical. Consequently, role-based declarative security does not offer a practical way to implement fine-grained role-based security.
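The following example is added here to illustrate the limitation described above; it is not part of the original text. It models the conventional check (any role on the permission assignment passes) beside a fine-grained check that additionally applies a per-role relationship condition, so that only the attending doctor passes while the patient record's own fields and interface stay unchanged. The user names, the `attending_doctor` field and the `RELATIONSHIP_RULES` table are assumptions chosen for the illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset

@dataclass(frozen=True)
class PatientRecord:
    patient: str
    attending_doctor: str  # assumed field used by the fine-grained rule
    # Permission assignment: roles that may legitimately access the record.
    permitted_roles: frozenset = field(
        default_factory=lambda: frozenset({"doctor", "nurse"}))

def declarative_check(user: User, record: PatientRecord) -> bool:
    """Conventional role-based declarative check: access is granted if any
    of the user's roles appears on the resource's permission assignment."""
    return not user.roles.isdisjoint(record.permitted_roles)

# Hypothetical per-role conditions layered on top of the role check. A role
# without an entry keeps the conventional behaviour (role alone suffices).
RELATIONSHIP_RULES = {
    "doctor": lambda user, record: record.attending_doctor == user.name,
}

def fine_grained_check(user: User, record: PatientRecord) -> bool:
    """Role check plus the relationship condition for that role. The record
    type is not modified and no new role type has to be deployed."""
    for role in user.roles & record.permitted_roles:
        rule = RELATIONSHIP_RULES.get(role)
        if rule is None or rule(user, record):
            return True
    return False

def compare_checks() -> dict:
    """Constructed sample: one record, four users with different roles."""
    record = PatientRecord(patient="P-0001", attending_doctor="alice")
    users = [User("alice", frozenset({"doctor"})),   # attending doctor
             User("bob", frozenset({"doctor"})),     # another doctor
             User("carol", frozenset({"nurse"})),
             User("dave", frozenset({"orderly"}))]
    return {u.name: (declarative_check(u, record), fine_grained_check(u, record))
            for u in users}

if __name__ == "__main__":
    for name, (coarse, fine) in compare_checks().items():
        print(f"{name:6} declarative={coarse!s:5} fine_grained={fine}")
```

The conventional check grants every “doctor” access to the record, including the doctor who is not treating the patient; the fine-grained check denies that doctor while leaving the nurse's and orderly's outcomes unchanged.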
Of course, the software application could perform role-based security rather than the underlying application server. This approach to security is known as application security or imperative security. However, the code required to properly control access is complex and expensive to implement.
Accordingly, there is a need for improved techniques of role-based declarative security. The security techniques should implement fine-grained access controls for a given resource without modifying interfaces associated with that resource.